v3.9.2

5 years ago · b045b2aafc
10 changed files with 136 additions and 139 deletions
--- a/README.md
+++ b/README.md
@ -134,6 +134,7 @@ For Apache do virtualhost with cgi-bin. Like this:
        ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"

        <Directory /var/www/haproxy-wi/app>
+		    DirectoryIndex overview.py
            Options +ExecCGI
            AddHandler cgi-script .py
            Order deny,allow
@ -146,33 +147,33 @@ For Apache do virtualhost with cgi-bin. Like this:
 			Deny from all
        </Directory>
 	
-		<Directory /var/www/haproxy-wi/keys>
-			Options +ExecCGI -Indexes +MultiViews
-			Order Deny,Allow
-			Deny from all
-		</Directory>
+        <Directory /var/www/haproxy-wi/keys>
+		    Options +ExecCGI -Indexes +MultiViews
+		    Order Deny,Allow
+		    Deny from all
+        </Directory>

-		<FilesMatch "\.cfg$">
+        <FilesMatch "\.cfg$">
 			Order Deny,Allow
 			Deny from all
-		</FilesMatch>
+        </FilesMatch>
 		
-		<FilesMatch "\.db$">
-			Order Deny,Allow
-			Deny from all
-		</FilesMatch>
+        <FilesMatch "\.db$">
+		    Order Deny,Allow
+		    Deny from all
+        </FilesMatch>
 		
-		<IfModule mod_headers.c>
-			Header set X-XSS-Protection: 1;
-			Header set X-Frame-Options: deny
-			Header set X-Content-Type-Options: nosniff
-			Header set Strict-Transport-Security: max-age=3600;
-			Header set Cache-Control no-cache
-			Header set Expires: 0
-
-			<filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
+        <IfModule mod_headers.c>
+		    Header set X-XSS-Protection: 1;
+		    Header set X-Frame-Options: deny
+		    Header set X-Content-Type-Options: nosniff
+		    Header set Strict-Transport-Security: max-age=3600;
+		    Header set Cache-Control no-cache
+		    Header set Expires: 0
+
+		    <filesMatch ".(ico|css|js|gif|jpeg|jpg|png|svg|woff|ttf|eot)$">
 				Header set Cache-Control "max-age=86400, public"
-			</filesMatch>
+		    </filesMatch>
 		</IfModule>
 </VirtualHost>
 ```
@ -213,6 +214,11 @@ For Runtime API, Metrics and Alerting enable state file and stat socket on HApro
        load-server-state-from-file global
 		
    listen stats 
+        bind *:8085
+        stats enable
+        stats uri /stats
+        stats realm HAProxy-04\ Statistics
+        stats auth admin:password
        stats admin if TRUE 
   ```
 ![alt text](image/haproxy-wi-logs.png "View logs page")
--- a/app/create_db.py
+++ b/app/create_db.py
@ -459,7 +459,7 @@ def update_db_v_3_8_1(**kwargs):
 	
 def update_ver(**kwargs):
 	con, cur = get_cur()
-	sql = """update version set version = '3.9.1'; """
+	sql = """update version set version = '3.9.2'; """
 	try:    
 		cur.execute(sql)
 		con.commit()
--- a/app/funct.py
+++ b/app/funct.py
@ -155,11 +155,10 @@ def page_for_admin(**kwargs):
 		print('<center><h3 style="color: red">How did you get here?! O_o You do not have need permissions</h>')
 		print('<meta http-equiv="refresh" content="5; url=/">')
 		import sys
-		sys.exit()
-				
-def ssh_connect(serv, **kwargs):
-	import paramiko
-	from paramiko import SSHClient
+		sys.exit()	
+	
+	
+def return_ssh_keys_path(serv):
 	import sql
 	fullpath = get_config_var('main', 'fullpath')
 	ssh_enable = ''
@ -172,6 +171,16 @@ def ssh_connect(serv, **kwargs):
 		ssh_user_name = sshs[4]
 		ssh_user_password = sshs[5]
 		ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
+		
+	return ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name
+	
+				
+def ssh_connect(serv, **kwargs):
+	import paramiko
+	from paramiko import SSHClient
+	import sql
+	
+	ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)

 	servers = sql.select_servers(server=serv)
 	for server in servers:
@ -327,7 +336,7 @@ def rewrite_section(start_line, end_line, config, section):
 			return_config += line
 		
 	return return_config
-	
+
 	
 def install_haproxy(serv, **kwargs):
 	import sql
@ -339,17 +348,10 @@ def install_haproxy(serv, **kwargs):
 	stats_password = sql.get_setting('stats_password')
 	proxy = sql.get_setting('proxy')
 	hapver = kwargs.get('hapver')
-	fullpath = get_config_var('main', 'fullpath')
-	ssh_enable = ''
-	ssh_port = ''
-	ssh_user_name = ''
-	ssh_user_password = ''
+	ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)
 	
-	for sshs in sql.select_ssh(serv=serv):
-		ssh_enable = sshs[3]
-		ssh_user_name = sshs[4]
-		ssh_user_password = sshs[5]
-		ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
+	if ssh_enable == 0:
+		ssh_key_name = ''
 		
 	os.system("cp scripts/%s ." % script)
 	
--- a/app/index.html
+++ b/app/index.html
@ -1,32 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-	<head>
-		<meta charset="utf-8">
-		<title>HAProxy-WI</title>
-		<link href="/inc/images/favicon.ico" rel="icon" type="image/x-icon">
-		<link rel="shortcut icon" href="/inc/images/favicon.ico" type="image/x-icon">
-		<link href="/inc/style.css" rel="stylesheet">
-		<link href="/inc/nprogress.css" rel="stylesheet">
-		<link rel="stylesheet" href="/inc/jquery-ui.css">
-		<script src="/inc/jquery-1.12.4.js"></script>
-		<script src="/inc/jquery-ui.js"></script>
-		<script src="/inc/nprogress.js"></script>
-		<meta http-equiv="refresh" content="0; url=/app/overview.py" />
-	</head>
-	<body style="background-color: #239dee;">
-		<script>
-			$( function() {
-				NProgress.start();
-				$('#cover').fadeIn('fast');
-			});
-		</script>
-		<div id="cover"></div>
-		<center>
-		<div style="color: white;">
-			<h1 style="font-size: 100px;">Welcome to</h1>
-			<img src="/inc/images/logo_index.png" alt="logo" style="margin-top: -50px;display: block;padding-bottom: 70px;" />
-			<b style="font-size: 30px;">Redirecting... Please wait</b>
-		</div>
-		</center>
-	</body>
-</html>
--- a/app/options.py
+++ b/app/options.py
@ -582,18 +582,12 @@ if form.getvalue('master'):
 	script = "install_keepalived.sh"
 	fullpath = funct.get_config_var('main', 'fullpath')
 	proxy = sql.get_setting('proxy')
-	ssh_enable = ''
-	ssh_port = ''
-	ssh_user_name = ''
-	ssh_user_password = ''
+	ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(master)
 	
-	proxy_serv = proxy if proxy is not None else ""
+	if ssh_enable == 0:
+		ssh_key_name = ''
 	
-	for sshs in sql.select_ssh(serv=master):
-		ssh_enable = sshs[3]
-		ssh_user_name = sshs[4]
-		ssh_user_password = sshs[5]
-		ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
+	proxy_serv = proxy if proxy is not None else ""
 		
 	os.system("cp scripts/%s ." % script)
 	
@ -624,11 +618,10 @@ if form.getvalue('master'):
 		else:
 			print('success: Master Keepalived was installed<br>')
 				
-	for sshs in sql.select_ssh(serv=slave):
-		ssh_enable = sshs[3]
-		ssh_user_name = sshs[4]
-		ssh_user_password = sshs[5]
-		ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
+	ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(slave)
+	
+	if ssh_enable == 0:
+		ssh_key_name = ''
 		
 	commands = [ "chmod +x "+script +" &&  ./"+script +" PROXY=" +proxy_serv+ 
 				" ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+
@ -664,20 +657,11 @@ if form.getvalue('masteradd'):
 	IP = form.getvalue('vrrpipadd')
 	kp = form.getvalue('kp')
 	script = "install_keepalived.sh"
-	fullpath = funct.get_config_var('main', 'fullpath')
-	proxy = sql.get_setting('proxy')
-	ssh_enable = ''
-	ssh_port = ''
-	ssh_user_name = ''
-	ssh_user_password = ''
-	
-	proxy_serv = proxy if proxy is not None else ""
+	proxy = sql.get_setting('proxy')	
+	ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(master)
 	
-	for sshs in sql.select_ssh(serv=master):
-		ssh_enable = sshs[3]
-		ssh_user_name = sshs[4]
-		ssh_user_password = sshs[5]
-		ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
+	if ssh_enable == 0:
+		ssh_key_name = ''
 		
 	os.system("cp scripts/%s ." % script)
 		
@ -705,11 +689,10 @@ if form.getvalue('masteradd'):
 			print('success: Master VRRP address was added<br>')
 		
 		
-	for sshs in sql.select_ssh(serv=slave):
-		ssh_enable = sshs[3]
-		ssh_user_name = sshs[4]
-		ssh_user_password = sshs[5]
-		ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
+	ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(slave)
+	
+	if ssh_enable == 0:
+		ssh_key_name = ''
 	
 	commands = [ "chmod +x "+script +" &&  ./"+script +" PROXY=" + proxy_serv+ 
 				" ETH="+ETH+" IP="+str(IP)+" MASTER=BACKUP"+" RESTART="+kp+" ADD_VRRP=1 HOST="+str(slave)+
@ -781,8 +764,6 @@ if form.getvalue('new_metrics'):
 	for i in metric:
 		label = str(i[5])
 		label = label.split(' ')[1]
-		#label = label.split(':')
-		#labels += label[0]+':'+label[1]+','
 		labels += label+','
 		curr_con += str(i[1])+','
 		curr_ssl_con += str(i[2])+','
@ -811,7 +792,6 @@ if form.getvalue('new_waf_metrics'):
 	for i in metric:
 		label = str(i[2])
 		label = label.split(' ')[1]
-		# label = label.split(':')
 		labels += label[0]+','
 		curr_con += str(i[1])+','
 		
--- a/app/scripts/ansible/roles/haproxy/tasks/main.yml
+++ b/app/scripts/ansible/roles/haproxy/tasks/main.yml
@ -3,6 +3,10 @@
  package_facts:
    manager: "auto"
  
+
+- name: populate service facts
+  service_facts:
+
  
 - name: install HAProxy {{HAPVER}}
  yum:
@ -94,6 +98,27 @@
  set_fact:
    haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
    
+    
+- name: Open stat port for firewalld
+  firewalld:
+    port: "{{ item }}/tcp"
+    state: enabled
+    permanent: yes
+    immediate: yes
+  ignore_errors: yes
+  when: ansible_facts.services["firewalld.service"]['state'] == "running"
+  with_items:  [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
+  
+  
+- name: Open stat port for iptables
+  iptables:
+    chain: INPUT
+    destination_port: "{{ item }}"
+    jump: ACCEPT
+    protocol: tcp
+  ignore_errors: yes
+  with_items:  [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
+  
  
 - name: Copy HAProxy configuration in place.
  template:
--- a/app/scripts/waf.sh
+++ b/app/scripts/waf.sh
@ -27,7 +27,7 @@ then
 fi

 if [ -f $HAPROXY_PATH/waf/modsecurity.conf  ];then
-	echo -e 'error: Haproxy WAF already installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a> <br /><br />'
+	echo -e 'error: Haproxy WAF already installed.  <br /><br />'
 	exit 1
 fi
 if hash apt-get 2>/dev/null; then
--- a/config_other/httpd/haproxy-wi.conf
+++ b/config_other/httpd/haproxy-wi.conf
@ -1,40 +1,40 @@
 <VirtualHost *:443>
-		WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5
-        WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi
+    WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5
+    WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi

-        <Directory /var/www/haproxy-wi/api>
-                WSGIProcessGroup api
-                WSGIApplicationGroup %{GLOBAL}
-                Order deny,allow
-                Allow from all
-		</Directory>
+    <Directory /var/www/haproxy-wi/api>
+        WSGIProcessGroup api
+        WSGIApplicationGroup %{GLOBAL}
+        Order deny,allow
+        Allow from all
+    </Directory>

-		SSLEngine on
-        SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
-        SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key
+	SSLEngine on
+    SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt
+    SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key

-        ServerName haprox-wi.example.com
-        ErrorLog /var/log/httpd/haproxy-wi.error.log
-        CustomLog /var/log/httpd/haproxy-wi.access.log combined
-		TimeOut 600
-		LimitRequestLine 16380
+    ServerName haprox-wi.example.com
+    ErrorLog /var/log/httpd/haproxy-wi.error.log
+    CustomLog /var/log/httpd/haproxy-wi.access.log combined
+	TimeOut 600
+	LimitRequestLine 16380

-        DocumentRoot /var/www/haproxy-wi
-        ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"
+    DocumentRoot /var/www/haproxy-wi
+    ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/"

-
-        <Directory /var/www/haproxy-wi/app>
-                Options +ExecCGI
-                AddHandler cgi-script .py
-                Order deny,allow
-                Allow from all
-        </Directory>
+    <Directory /var/www/haproxy-wi/app>
+        DirectoryIndex overview.py
+        Options +ExecCGI
+        AddHandler cgi-script .py
+        Order deny,allow
+        Allow from all
+    </Directory>
 		
 	<Directory /var/www/haproxy-wi/app/certs>
-            	Options +ExecCGI -Indexes +MultiViews
-	    	Order Deny,Allow
-	    	Deny from all
-        </Directory>
+        Options +ExecCGI -Indexes +MultiViews
+	    Order Deny,Allow
+	    Deny from all
+    </Directory>
 	
 	<Directory /var/www/haproxy-wi/keys>
 		Options +ExecCGI -Indexes +MultiViews
@ -64,4 +64,4 @@
 			Header set Cache-Control "max-age=86400, public"
 		</filesMatch>
 	</IfModule>
-</VirtualHost>
+</VirtualHost>
--- a/image/haproxy-wi-overview.png
+++ b/image/haproxy-wi-overview.png
--- a/index.html
+++ b/index.html
@ -3,8 +3,24 @@
 	<head>
 		<meta charset="utf-8">
 		<title>HAProxy-WI</title>
-		<link href="/inc/images/favicon.ico" rel="icon" type="image/x-icon">
-		<link rel="shortcut icon" href="/inc/images/favicon.ico" type="image/x-icon">
+		<link href="/inc/images/favicon/favicon.ico" rel="icon" type="image/png" />
+		<link rel="apple-touch-icon" sizes="57x57" href="/inc/images/favicon/inc/images/favicon/apple-icon-57x57.png">
+		<link rel="apple-touch-icon" sizes="60x60" href="/inc/images/favicon/apple-icon-60x60.png">
+		<link rel="apple-touch-icon" sizes="72x72" href="/inc/images/favicon/apple-icon-72x72.png">
+		<link rel="apple-touch-icon" sizes="76x76" href="/inc/images/favicon/apple-icon-76x76.png">
+		<link rel="apple-touch-icon" sizes="114x114" href="/inc/images/favicon/apple-icon-114x114.png">
+		<link rel="apple-touch-icon" sizes="120x120" href="/inc/images/favicon/apple-icon-120x120.png">
+		<link rel="apple-touch-icon" sizes="144x144" href="/inc/images/favicon/apple-icon-144x144.png">
+		<link rel="apple-touch-icon" sizes="152x152" href="/inc/images/favicon/apple-icon-152x152.png">
+		<link rel="apple-touch-icon" sizes="180x180" href="/inc/images/favicon/apple-icon-180x180.png">
+		<link rel="icon" type="image/png" sizes="192x192"  href="/inc/images/favicon/android-icon-192x192.png">
+		<link rel="icon" type="image/png" sizes="32x32" href="/inc/images/favicon/favicon-32x32.png">
+		<link rel="icon" type="image/png" sizes="96x96" href="/inc/images/favicon/favicon-96x96.png">
+		<link rel="icon" type="image/png" sizes="16x16" href="/inc/images/favicon/favicon-16x16.png">
+		<link rel="manifest" href="/inc/images/favicon/manifest.json">
+		<meta name="msapplication-TileColor" content="#ffffff">
+		<meta name="msapplication-TileImage" content="/inc/images/favicon/ms-icon-144x144.png">
+		<meta name="theme-color" content="#ffffff">
 		<link href="/inc/style.css" rel="stylesheet">
 		<link href="/inc/nprogress.css" rel="stylesheet">
 		<link rel="stylesheet" href="/inc/jquery-ui.css">